Prerequisite

Firmware 1.34 must already be installed and opened for telnet access.
If not, you can find a guide here: Open Stock Firmware LS-XHL

This may also work for firmware versions before 1.34, but it is unknown whether the IPSEC-XL2TP packages are included in them.

What's the aim?

The aim is to set up a VPN server that uses L2TP-IPSec as its tunneling technology.

Why this, and not PPTP?
The issue with PPTP is that it needs MPPE support within the kernel, which is simply not there.

Therefore we are going to use IPSec & L2TP, which are more secure in most scenarios anyway.

What is needed?

The good news is: everything is already on the box; you don't have to install any external software package at all.

The bad news: the packages are configured for a service called PocketU (only in Japan).
As a matter of fact, all boxes outside of Japan do not use them at all.

As a general guideline, an IPSec-L2TP server needs:
IPSec package (here Openswan with pluto), an IPSec configuration and a tunnel configuration
L2TP package (here xl2tpd), an xl2tpd configuration and the PPP options for xl2tpd

How does it work?

The VPN works as follows:

1) An IPSec tunnel is opened (using a pre-shared key or certificates)

2) Within the tunnel, L2TP is used to authenticate the user and to do the IP addressing via PPP

Configuration

Files that need to be touched / modified:

/etc/init.d/xl2tpd.sh

/etc/ipsec.conf

/etc/ipsec.d/l2tp.conf

/etc/ipsec.d/l2tp.secrets

/etc/xl2tpd/xl2tpd.conf

/etc/ppp/options.xl2tpd

As all these files already exist, make sure you back them up before changing anything.
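
One way to take that backup from the telnet shell, as an added example that is not part of the original guide: the function name backup_vpn_configs and the destination directory are assumptions. It keeps the copies readable by root only, since l2tp.secrets is the IPSec secrets file, and verifies each copy against the original.

```shell
#!/bin/sh
# Added example (not from the original guide): back up the six files
# listed above before editing them.

# The six files named on this page.
VPN_FILES="/etc/init.d/xl2tpd.sh
/etc/ipsec.conf
/etc/ipsec.d/l2tp.conf
/etc/ipsec.d/l2tp.secrets
/etc/xl2tpd/xl2tpd.conf
/etc/ppp/options.xl2tpd"

# backup_vpn_configs DEST [ROOT]
#   DEST  directory that receives the copies (created if missing)
#   ROOT  optional prefix for the source files (empty = the live system)
# Returns 0 if every file was copied and verified, 1 otherwise.
# Usage (destination path is an assumption): backup_vpn_configs /root/vpn-backup
backup_vpn_configs() {
    dest=$1
    root=${2:-}
    rc=0
    old_umask=$(umask)
    umask 077                      # new directories: owner-only access
    mkdir -p "$dest" || { umask "$old_umask"; return 1; }
    chmod 700 "$dest"
    for f in $VPN_FILES; do
        src="$root$f"
        if [ ! -f "$src" ]; then
            echo "missing: $src" >&2
            rc=1
            continue
        fi
        mkdir -p "$dest$(dirname "$f")"
        # -p keeps mode and timestamps, so the init script stays executable
        if cp -p "$src" "$dest$f" && cmp -s "$src" "$dest$f"; then
            echo "saved:   $f"
        else
            echo "failed:  $src" >&2
            rc=1
        fi
    done
    umask "$old_umask"
    return $rc
}
```

A non-zero return means at least one file was missing or failed verification; check the messages before editing anything.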